Sorry, I did not pay attention You have the reason He are writing a decode rule
Regards, 2013/2/27 dan (ddp) <[email protected]> > > On Feb 27, 2013 7:38 AM, "R0me0 ***" <[email protected]> wrote: > > > > Use syslog instead "rsyslog" > > > > You are confused. > > > > > 2013/2/27 root <[email protected]> > >> > >> hi,all > >> > >> now, i write the decoder like this > >> > >> <decoder name="rsyslog"> > >> <prematch>^(.*)\s+rsyslogd-pstats:\s+(.*)</prematch> > >> <order>extra_data</order> > >> </decoder> > >> > >> but when i restart the ossec > >> > >> > 2013/02/27 20:04:21 ossec-analysisd(2107): ERROR: Decoder configuration > error: 'rsyslog'. > >> > 2013/02/27 20:04:21 ossec-testrule(1202): ERROR: Configuration error at > '/etc/decoder.xml'. Exiting. > >> > >> how can i do what? > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > >> For more options, visit https://groups.google.com/groups/opt_out. > >> > >> > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
